From bb31aa5a55416831fe2dc59135929af1c612878d Mon Sep 17 00:00:00 2001
From: Daiki Ueno <ueno@gnu.org>
Date: Fri, 12 Jun 2020 11:32:58 +0200
Subject: build: avoid -Wenum-conversion warnings with GCC 10

Signed-off-by: Daiki Ueno <ueno@gnu.org>
---
 lib/algorithms.h        | 13 +++++++++++++
 lib/algorithms/sign.c   |  2 +-
 lib/crypto-api.c        |  4 ++--
 lib/hash_int.c          |  2 +-
 lib/nettle/pk.c         |  8 ++++----
 lib/tls-sig.c           |  4 ++--
 lib/tls13-sig.c         |  4 ++--
 lib/tls13/finished.c    |  2 +-
 lib/x509/pkcs12.c       |  4 ++--
 lib/x509/pkcs7.c        |  2 +-
 src/certtool.c          |  6 +++---
 tests/slow/hash-large.c |  2 +-
 12 files changed, 33 insertions(+), 20 deletions(-)

diff --git a/lib/algorithms.h b/lib/algorithms.h
index 9cdb3abf7a..7a051b6365 100644
--- a/lib/algorithms.h
+++ b/lib/algorithms.h
@@ -174,11 +174,24 @@ inline static int _gnutls_mac_get_key_size(const mac_entry_st * e)
 		return e->key_size;
 }
 
+inline static gnutls_digest_algorithm_t
+_gnutls_mac_to_dig(gnutls_mac_algorithm_t mac)
+{
+	if (unlikely(mac >= GNUTLS_MAC_AEAD))
+		return GNUTLS_DIG_UNKNOWN;
+
+	return (gnutls_digest_algorithm_t)mac;
+}
+
+#define MAC_TO_DIG(mac) _gnutls_mac_to_dig(mac)
+
 /* Functions for digests. */
 #define _gnutls_x509_digest_to_oid _gnutls_x509_mac_to_oid
 #define _gnutls_digest_get_name _gnutls_mac_get_name
 #define _gnutls_hash_get_algo_len _gnutls_mac_get_algo_len
 
+#define DIG_TO_MAC(dig) (gnutls_mac_algorithm_t)(dig)
+
 /* Security against pre-image attacks */
 inline static int _gnutls_digest_is_secure(const mac_entry_st * e)
 {
diff --git a/lib/algorithms/sign.c b/lib/algorithms/sign.c
index 0d8d1a89c9..2728a54478 100644
--- a/lib/algorithms/sign.c
+++ b/lib/algorithms/sign.c
@@ -797,7 +797,7 @@ _gnutls_sign_get_hash_strength(gnutls_sign_algorithm_t sign)
 	if (unlikely(se == NULL))
 		return 0;
 
-	me = mac_to_entry(se->hash);
+	me = hash_to_entry(se->hash);
 	if (unlikely(me == NULL))
 		return 0;
 
diff --git a/lib/crypto-api.c b/lib/crypto-api.c
index caf8d713a3..00ecdd31b2 100644
--- a/lib/crypto-api.c
+++ b/lib/crypto-api.c
@@ -563,7 +563,7 @@ int
 gnutls_hash_init(gnutls_hash_hd_t * dig,
 		 gnutls_digest_algorithm_t algorithm)
 {
-	if (is_mac_algo_forbidden(algorithm))
+	if (is_mac_algo_forbidden(DIG_TO_MAC(algorithm)))
 		return gnutls_assert_val(GNUTLS_E_UNWANTED_ALGORITHM);
 
 	*dig = gnutls_malloc(sizeof(digest_hd_st));
@@ -659,7 +659,7 @@ int
 gnutls_hash_fast(gnutls_digest_algorithm_t algorithm,
 		 const void *ptext, size_t ptext_len, void *digest)
 {
-	if (is_mac_algo_forbidden(algorithm))
+	if (is_mac_algo_forbidden(DIG_TO_MAC(algorithm)))
 		return gnutls_assert_val(GNUTLS_E_UNWANTED_ALGORITHM);
 
 	return _gnutls_hash_fast(algorithm, ptext, ptext_len, digest);
diff --git a/lib/hash_int.c b/lib/hash_int.c
index d326960e80..90ae6cf140 100644
--- a/lib/hash_int.c
+++ b/lib/hash_int.c
@@ -80,7 +80,7 @@ int _gnutls_digest_exists(gnutls_digest_algorithm_t algo)
 {
 	const gnutls_crypto_digest_st *cc = NULL;
 
-	if (is_mac_algo_forbidden(algo))
+	if (is_mac_algo_forbidden(DIG_TO_MAC(algo)))
 		return gnutls_assert_val(GNUTLS_E_UNWANTED_ALGORITHM);
 
 	cc = _gnutls_get_crypto_digest(algo);
diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
index ccf403b007..57a8560ede 100644
--- a/lib/nettle/pk.c
+++ b/lib/nettle/pk.c
@@ -917,7 +917,7 @@ _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo,
 
 			/* This call will return a valid MAC entry and
 			 * getters will check that is not null anyway. */
-			me = mac_to_entry(_gnutls_gost_digest(pk_params->algo));
+			me = hash_to_entry(_gnutls_gost_digest(pk_params->algo));
 			if (_gnutls_mac_get_algo_len(me) != vdata->size) {
 				gnutls_assert();
 				_gnutls_debug_log
@@ -987,7 +987,7 @@ _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo,
 				ret = _gnutls_ecdsa_compute_k(k,
 							      curve_id,
 							      pk_params->params[ECC_K],
-							      sign_params->dsa_dig,
+							      DIG_TO_MAC(sign_params->dsa_dig),
 							      vdata->data,
 							      vdata->size);
 				if (ret < 0)
@@ -1056,7 +1056,7 @@ _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo,
 				ret = _gnutls_dsa_compute_k(k,
 							    pub.q,
 							    TOMPZ(priv),
-							    sign_params->dsa_dig,
+							    DIG_TO_MAC(sign_params->dsa_dig),
 							    vdata->data,
 							    vdata->size);
 				if (ret < 0)
@@ -1312,7 +1312,7 @@ _wrap_nettle_pk_verify(gnutls_pk_algorithm_t algo,
 
 			/* This call will return a valid MAC entry and
 			 * getters will check that is not null anyway. */
-			me = mac_to_entry(_gnutls_gost_digest(pk_params->algo));
+			me = hash_to_entry(_gnutls_gost_digest(pk_params->algo));
 			if (_gnutls_mac_get_algo_len(me) != vdata->size)
 				return gnutls_assert_val(GNUTLS_E_PK_SIG_VERIFY_FAILED);
 
diff --git a/lib/tls-sig.c b/lib/tls-sig.c
index 779e02c18f..7d2b04323e 100644
--- a/lib/tls-sig.c
+++ b/lib/tls-sig.c
@@ -160,7 +160,7 @@ _gnutls_handshake_sign_data10(gnutls_session_t session,
 	dconcat.data = concat;
 	dconcat.size = _gnutls_hash_get_algo_len(me);
 
-	ret = gnutls_privkey_sign_hash(pkey, me->id, GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA,
+	ret = gnutls_privkey_sign_hash(pkey, MAC_TO_DIG(me->id), GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA,
 				       &dconcat, signature);
 	if (ret < 0) {
 		gnutls_assert();
@@ -788,7 +788,7 @@ _gnutls_handshake_sign_crt_vrfy10(gnutls_session_t session,
 	dconcat.data = concat;
 	dconcat.size = _gnutls_hash_get_algo_len(me);
 
-	ret = gnutls_privkey_sign_hash(pkey, me->id, GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA,
+	ret = gnutls_privkey_sign_hash(pkey, MAC_TO_DIG(me->id), GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA,
 				       &dconcat, signature);
 	if (ret < 0) {
 		gnutls_assert();
diff --git a/lib/tls13-sig.c b/lib/tls13-sig.c
index e15d8305e2..b14390e353 100644
--- a/lib/tls13-sig.c
+++ b/lib/tls13-sig.c
@@ -104,7 +104,7 @@ _gnutls13_handshake_verify_data(gnutls_session_t session,
 		goto cleanup;
 	}
 
-	ret = gnutls_hash_fast(session->security_parameters.prf->id,
+	ret = gnutls_hash_fast(MAC_TO_DIG(session->security_parameters.prf->id),
 			       session->internals.handshake_hash_buffer.data,
 			       session->internals.handshake_hash_buffer_prev_len,
 			       prefix);
@@ -186,7 +186,7 @@ _gnutls13_handshake_sign_data(gnutls_session_t session,
 		goto cleanup;
 	}
 
-	ret = gnutls_hash_fast(session->security_parameters.prf->id,
+	ret = gnutls_hash_fast(MAC_TO_DIG(session->security_parameters.prf->id),
 			       session->internals.handshake_hash_buffer.data,
 			       session->internals.handshake_hash_buffer.length,
 			       tmp);
diff --git a/lib/tls13/finished.c b/lib/tls13/finished.c
index 35ab87f9af..68eab993ea 100644
--- a/lib/tls13/finished.c
+++ b/lib/tls13/finished.c
@@ -45,7 +45,7 @@ int _gnutls13_compute_finished(const mac_entry_st *prf,
 	if (ret < 0)
 		return gnutls_assert_val(ret);
 
-	ret = gnutls_hash_fast(prf->id,
+	ret = gnutls_hash_fast(MAC_TO_DIG(prf->id),
 			       handshake_hash_buffer->data,
 			       handshake_hash_buffer->length,
 			       ts_hash);
diff --git a/lib/x509/pkcs12.c b/lib/x509/pkcs12.c
index cdb284026a..2dc0823905 100644
--- a/lib/x509/pkcs12.c
+++ b/lib/x509/pkcs12.c
@@ -1098,7 +1098,7 @@ int gnutls_pkcs12_verify_mac(gnutls_pkcs12_t pkcs12, const char *pass)
 		return _gnutls_asn2err(result);
 	}
 
-	algo = gnutls_oid_to_digest(oid);
+	algo = DIG_TO_MAC(gnutls_oid_to_digest(oid));
 	if (algo == GNUTLS_MAC_UNKNOWN) {
  unknown_mac:
 		gnutls_assert();
@@ -1970,7 +1970,7 @@ gnutls_pkcs12_mac_info(gnutls_pkcs12_t pkcs12, unsigned int *mac,
 		*oid = (char*)tmp.data;
 	}
 
-	algo = gnutls_oid_to_digest((char*)tmp.data);
+	algo = DIG_TO_MAC(gnutls_oid_to_digest((char*)tmp.data));
 	if (algo == GNUTLS_MAC_UNKNOWN || mac_to_entry(algo) == NULL) {
 		gnutls_assert();
 		return GNUTLS_E_UNKNOWN_HASH_ALGORITHM;
diff --git a/lib/x509/pkcs7.c b/lib/x509/pkcs7.c
index 98669e8879..0ff55ba04b 100644
--- a/lib/x509/pkcs7.c
+++ b/lib/x509/pkcs7.c
@@ -2277,7 +2277,7 @@ static int write_attributes(ASN1_TYPE c2, const char *root,
 		/* If we add any attribute we should add them all */
 		/* Add hash */
 		digest_size = _gnutls_hash_get_algo_len(me);
-		ret = gnutls_hash_fast(me->id, data->data, data->size, digest);
+		ret = gnutls_hash_fast(MAC_TO_DIG(me->id), data->data, data->size, digest);
 		if (ret < 0) {
 			gnutls_assert();
 			return ret;
diff --git a/src/certtool.c b/src/certtool.c
index 0e24ac8281..6bdfe376b1 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -1426,9 +1426,9 @@ static void cmd_parser(int argc, char **argv)
 
 	if (HAVE_OPT(VERIFY_PROFILE)) {
 		if (strcasecmp(OPT_ARG(VERIFY_PROFILE), "none")) {
-			cinfo.verification_profile = GNUTLS_PROFILE_UNKNOWN;
+			cinfo.verification_profile = (gnutls_sec_param_t)GNUTLS_PROFILE_UNKNOWN;
 		} else {
-			cinfo.verification_profile = gnutls_certificate_verification_profile_get_id(OPT_ARG(VERIFY_PROFILE));
+			cinfo.verification_profile = (gnutls_sec_param_t)gnutls_certificate_verification_profile_get_id(OPT_ARG(VERIFY_PROFILE));
 		}
 	} else if (!HAVE_OPT(VERIFY_ALLOW_BROKEN)) {
 		if (HAVE_OPT(VERIFY_CHAIN) || HAVE_OPT(VERIFY)) {
@@ -2956,7 +2956,7 @@ void generate_pkcs12(common_info_st * cinfo)
 	}
 
 	if (cinfo->hash != GNUTLS_DIG_UNKNOWN)
-		mac = cinfo->hash;
+		mac = (gnutls_mac_algorithm_t)cinfo->hash;
 	else
 		mac = GNUTLS_MAC_SHA1;
 
diff --git a/tests/slow/hash-large.c b/tests/slow/hash-large.c
index 33dc1df0da..71312ef369 100644
--- a/tests/slow/hash-large.c
+++ b/tests/slow/hash-large.c
@@ -139,7 +139,7 @@ void doit(void)
 	/* SHA1 */
 
 	err =
-	    gnutls_hash_fast(GNUTLS_MAC_SHA1, buf, size,
+	    gnutls_hash_fast(GNUTLS_DIG_SHA1, buf, size,
 			     digest);
 	if (err < 0)
 		fail("gnutls_hash_fast(SHA1) failed: %d\n", err);
-- 
cgit v1.2.1